bench: external token data layer

[antfleet-ops]

Manual file pick from AISynthetics/synthetic-users — x402, Base token metadata, external profile collectors, and source-backed schema.

Source repo: AISynthetics/synthetic-users @ 74774c9a48a7

Files:

• src/miroshark-x402-client.js
• src/base-token-metadata.js
• src/x-profile-collector.js
• src/x-thread-collector.js
• src/agent/source-db.js
• db/source-backed-schema.sql
• tests/miroshark-x402-client.test.mjs
• tests/base-token-metadata.test.mjs

Generated by manual bench onboarding.

[antfleet]

AntFleet · 2 findings

Both reviewers flagged the items below on the changed files. AntFleet posts only what two independent frontier models agree on.

---

Bug · Medium — decodeStringResult off-by-two bound can fail for empty dynamic strings
src/base-token-metadata.js

For ABI-encoded dynamic strings, the function checks clean.length >= (offset + 1) * 2 + 64 before reading the length word. offset is in bytes, so the correct bound to read the 32-byte length is clean.length >= offset2 + 64. The current condition can be too strict (by 2 hex chars) and will reject minimal payloads like empty strings (length 0) where clean.length == offset2 + 64, causing a fallback hex decode of the entire buffer and incorrect results.

Fix: Update the bound check to if (Number.isFinite(offset) && clean.length >= offset2 + 64) { ... }. Keep lenStart = offset2, and use dataStart = lenStart + 64 and data length = length*2 as already implemented.

Out-of-hunk patch artifact (model: claude-opus-4-7)

This non-click-to-apply fix is outside the PR diff hunk, so GitHub cannot render it as a suggestion.

--- a/src/base-token-metadata.js
+++ b/src/base-token-metadata.js
@@
-      if (Number.isFinite(offset) && clean.length >= (offset + 1) * 2 + 64) {
+      if (Number.isFinite(offset) && clean.length >= offset * 2 + 64) {

---

Bug · Medium — Wrong argument key passed to parseMiroSharkX402SharePage causes missing base URL/canonical fallback
src/miroshark-x402-client.js

pollMiroSharkX402Status calls parseMiroSharkX402SharePage with an options object using the key { shareUrl }, but parseMiroSharkX402SharePage expects { url, baseUrl }. Because of this mismatch, the parser may lack the correct base URL when the share page omits og:url/canonical, leading to null/incorrect resolved URLs and weaker parsing in that branch. Tests pass because they include og:url or do not assert url, masking the issue.

Fix: In pollMiroSharkX402Status, change both invocations to pass { url: shareUrl } (and optionally baseUrl if available) instead of { shareUrl }. Example: parseMiroSharkX402SharePage(await fetchText(shareUrl, { fetcher }), { url: shareUrl }).

Out-of-hunk patch artifact (model: claude-opus-4-7)

This non-click-to-apply fix is outside the PR diff hunk, so GitHub cannot render it as a suggestion.

--- a/src/miroshark-x402-client.js
+++ b/src/miroshark-x402-client.js
@@
-    parseMiroSharkX402SharePage(await fetchText(shareUrl, { fetcher }), { shareUrl });
+    parseMiroSharkX402SharePage(await fetchText(shareUrl, { fetcher }), { url: shareUrl });
@@
-    parseMiroSharkX402SharePage(await fetchText(shareUrl, { fetcher }), { shareUrl });
+    parseMiroSharkX402SharePage(await fetchText(shareUrl, { fetcher }), { url: shareUrl });

—

_{Review f3a497ef · claude-opus-4-7 + gpt-5 (unanimous) · 147s · ~$0.40}